CISM Certified Information Security Manager – Question0255

Which would be one of the BEST metrics an information security manager can employ to effectively evaluate the results of a security program?

A. Number of controls implemented
B. Percent of control objectives accomplished
C. Percent of compliance with the security policy
D. Reduction in the number of reported security incidents

Correct Answer: B

Explanation:
Control objectives are directly related to business objectives; therefore, they would be the best metrics. The number of controls implemented does not have a direct relationship with the results of a security program. The percentage of compliance with the security policy and the reduction in the number of security incidents are not as broad as choice B.